MSHTML vulnerability — Defence and Threat Hunting
MSHTML vulnerability defensive approach: telemetry sources, hunting queries, indicators of exploitation and detection rules for SOC teams.
Tag
MSHTML vulnerability defensive approach: telemetry sources, hunting queries, indicators of exploitation and detection rules for SOC teams.
Mass exploitation of ProxyLogon (CVE-2021-26855/26857/26858/27065) on Microsoft Exchange Server: web shell hunting, two distinct intrusion sets observed in Italy, defensive guidance and post-compromise containment.
Three foundational defensive activities every organisation should run continuously: monitoring, detection-engineering and incident response — paired with threat intelligence.